Engadget RSS Feed: https://www.engadget.com/tag/symantec/rss.xml

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics. Copyright 2017 AOL Inc. The contents of this feed are available for non-commercial use only.

https://www.engadget.com/2017/06/23/symantec-russia-source-code-access/

Security firm Symantec will no longer allow Russian authorities to inspect its source code, according to Reuters. "It poses a risk to the integrity of our products that we are not willing to accept," the company's Kristen Batch said. The worry is that by allowing the supposedly independent Federal Security Service (FSB) to examine source code, it would give Russia an inside view of potential software vulnerabilities and exploits.

Google and Symantec are engaged in a war about each other's security practices, with all of us caught in the crossfire. As TechCrunch reports, Google believes that Symantec has been improperly issuing security certificates for tens of thousands of websites. If the search engine follows through with its threat, then Chrome will soon no longer place the same level of trust in Symantec's certificates.

Symantec's mostly known as the maker of Norton AntiVirus, which is probably one of the most popular antivirus programs in the world despite the, uh, occasional slip-up. Now, the company is venturing into hardware, with the release of the Norton Core. It's a mobile-enabled WiFi router that touts machine learning and Symantec's threat intelligence smarts to defend your home network from getting those digital nasties in the first place.

Symantec is acquiring identity-theft protection firm LifeLock for $2.3 billion. It's the company's latest move to branch out from malware protection into cybersecurity, following its purchase of Blue Coat, a company that safeguards web transactions. "With the combination of Norton and LifeLock, we will be able to deliver comprehensive cyber defense for consumers," Symantec CEO Greg Clark said in a statement.

It's bad enough that one hacker group has been wreaking havoc on banking systems worldwide, but it's apparently getting worse. Security firm Symantec reports that a second group, Odinaff, has infected 10 to 20 of its customers with malware that can cover up bogus money transfer requests sent through the ubiquitous SWIFT (Society for Worldwide Interbank Financial Telecommunication) messaging system. Most of the attacks targeted Australia, Hong Kong, the UK, the Ukraine and the US. And unlike the initial attackers, Odinaff appears to be a criminal organization (possibly linked to the infamous Carbanak team) rather than a state-sponsored outfit.

Products from Symantec that are supposed to protect users have made them much more open to attack, according to Google. Researcher Tavis Ormandy has spotted numerous vulnerabilities in 25 Norton and Symantec products that are "as bad as it gets," he says. "Just emailing a file to a victim or sending them a link to an exploit is enough to trigger it -- the victim does not need to open the file or interact with it in any way." Symantec has already published fixes for the exploits, so users would do well to install them immediately.

A certificate authority (CA) is a trusted entity that issues electronic certificates (duh) to verify identity on the Internet. They're a key part of secure communications online -- and thus super important. Then there are intermediate CAs, signed by a root CA, making certificates for any website. However, they're just as powerful as those root ones. Worse still, there's no full list of the ones your system trusts because root CAs can make new ones whenever they want, and our computers will trust 'em immediately. This is a problem when companies get their hands on them, although they could have legitimate reasons for using an intermediate CA within their own networks.

Security holes in antivirus software are nothing new, but holes that exist across multiple platforms? That's rare... but it just happened. Google's Tavis Ormandy has discovered a vulnerability in Symantec's antivirus engine (used in both Symantec- and Norton-branded suites) that compromises Linux, Mac and Windows computers. If you use an early version of a compression tool to squeeze executables, you can trigger a memory buffer overflow that gives you root-level control over a system.

Not long ago, Symantec revealed that it had issued bogus security certificates for numerous web domains, including Google's... and as you might guess, Google isn't happy. The search firm is warning Symantec that, as of June 1st, any Symantec certificates which don't meet its transparency policy may create warnings and "problems" in Google products (read: they'll be deemed insecure). Moreover, it's asking Symantec to explain why it didn't catch some of the fake certificates, the causes behind each slip-up and the steps it'll take to set things right. Not surprisingly, Google doesn't want malicious sites posing as someone else (especially not Google) in order to deliver malware or perpetuate phishing scams.

China's government isn't just giving the boot to foreign operating systems; it's doing the same for security software, too. A national procurement agency has dropped Kaspersky and Symantec from its antivirus supplier list, leaving only Chinese companies as options. It's not clear that the move is directly linked to the country's concerns about foreign software being used for espionage. Kaspersky tells Reuters that it's in "conversations with authorities" about the move, but there isn't an official statement on the subject just yet. It wouldn't be shocking if there was a connection, however, since security tools are at the very heart of China's fears. The real surprise is the nature of the targets -- while many would expect China to distrust an American outfit like Symantec, it may be treating a Russian developer (Kaspersky) with a similar level of suspicion.

Update: Symantec says the list only applies to "certain types of procurement," and that it's not an out-and-out ban. Still, the company is looking into the report -- and any significant contract losses still represent significant problems.

Symantec COO Stephen Gillett is proud of his past accomplishments, including high-ranking positions at Starbucks, CNET, and Best Buy. But it may be his level 70 Paladin and Priest in World of Warcraft that got him in the door and up that ladder.

Gillett believes that adding his World of Warcraft guild leadership stats to his resume has helped him land these top jobs. "Here's my guild. Here's my ranking. Here's my biggest online achievement," Gillett said in a CNN interview. "Some people look at it and say, 'What the hell is this?' And others will be like, 'That's exactly what I'm looking for.'"

"I think gamification and the way of thinking about it is applicable to any industry," Gillett continued. "Right now we get really good information on malware -- what it does, how it acts. But we have no telemetry on the human part of it -- what people were doing, thinking and believing when they encountered that particular threat."

Given how hard antivirus software makers push you to sign up, you'd think that business was booming. Far from it, according to Symantec's Brian Dye. He tells the Wall Street Journal that antivirus tools like his company's Norton suite are effectively "dead." The utilities now catch less than half of all attacks, according to the executive -- to him, the focus is on minimizing the damage whenever there's a successful hack or infection.

Phil Zimmermann is a legend in the world of online privacy, having invented PGP (Pretty Good Privacy) in 1991 to provide cryptographic privacy and authentication that keep digital communications -- and entire computers -- safe from prying eyes. Zimmermann was in the news last Friday when a company he founded -- Silent Circle -- decided to shut down and delete all email messages on its servers rather than have the US government force them to hand over customer data. One fascinating item in the Forbes article about the Silent Circle email shutdown was Zimmermann's admission that he doesn't use email much anymore because "PGP doesn't run very well on a Mac these days."

PGP Corporation was purchased by software giant Symantec in 2010 for US$300 million, and according to Mac user Zimmermann, "Symantec hasn't kept that up. So I hardly ever run PGP." In lieu of email, Zimmermann says that he uses Silent Circle's mobile texting service and iOS app Silent Text instead.

Forbes' Parmy Olson asked Zimmermann if he expected more people to move from using email to more secure mobile messaging systems. In his reply, Zimmermann noted, "Mobile messaging is less clunky than email. Email has its place. Sometimes you want to have an audit trail of business communication. Sometimes that's a feature rather than a liability. So email is not going to go away, but if you want to send secure messages, there are more streamlined ways to do it now."

A CNET article earlier this year noted that the US Drug Enforcement Administration is unhappy with Apple's iMessage encryption, saying that "It is impossible to intercept iMessages between two Apple devices" even with a court order approved by a federal judge. The moral of the story? If you want to keep prying eyes from your personal communications, start shifting away from email and use encrypted messaging instead.

Most of us think we know the tale of Stuxnet: it's a possibly government-sponsored worm that played havoc with Iranian centrifuges in 2009, setting back the country's uranium enrichment program without involving any traditional weapons. Researchers at Symantec, however, now claim there's an untold narrative. They've discovered a Stuxnet 0.5 version that may have been in development or active as early as November 2005, two years before the commonly accepted timeline. It first surfaced on trackers in November 2007, and would have created wider-ranging chaos at Iran's Natanz nuclear facility by closing vital pressure valves instead of using the subtler centrifuge technique.

Symantec also noticed that this pre-1.0 malware shares traits with the Flamer code base, putting it in the context of an even larger effort than seen so far. Moreover, it would have required extensive knowledge of the Natanz infrastructure -- this was no casual attack, according to the researchers. While we may never know exactly what prompted the revamp, IAEA evidence suggests that Stuxnet wasn't truly effective until the better-known version came into play. We mostly know that modern cyberwarfare had its fair share of growing pains -- and that it's not as fresh-faced as we assumed.

It seems Stuxnet and Flame aren't the only out-of-control cyber-weapons roaming around the Middle East. Security researchers from Symantec and Kaspersky have found that the Flame malware had the electronic equivalent of a "handler," a program called NEWSFORYOU, which is also in charge of three further viruses that are code-named SP, SPE and IP. The trio have yet to be analyzed, because although a cache of data has been discovered on a command-and-control server, decoding it has proved "virtually impossible." While both security companies have declined to point a finger as to the viruses' origin, Reuters' sources suggest they're from the United States, while The Washington Post has been told that the project was a joint enterprise with Israel -- in keeping with the existing narrative that this is the pair behind Stuxnet.

The folks behind that nasty Flame trojan that burned its way through the Middle East aren't the kind to brag -- the malware's manufacturers apparently started dousing their own fire last week. According to Symantec reports, several compromised machines retrieved a file named browse32.ocx from Flame-controlled servers, which promptly removed all traces of the malware from the infected systems. Although the attackers seem spooked, Microsoft isn't taking any chances, and has issued a fix to its Windows Server Update Services to block future attacks. The update hopes to protect networked machines from a similar attack by requiring HTTPS inspection servers to funnel Windows update traffic through an exception rule, bypassing its inspection. The attackers? "They're trying to cover their tracks in any way they can," Victor Thakur, principal security response manager at Symantec told the LA Times, "They know they're being watched." Check out the source link below for Symantec's rundown of the trojan's retreat.

People often wonder about what motivates the creators of malware. In the case of the Flashback malware that infected several hundred thousand Macs, it turns out that the motivator was money.

A post on the Symantec official blog listed the stages of infection from Flashback:

A user visits a compromised website.

The browser is redirected to an exploit site hosting numerous Java exploits.

CVE-2012-0507 is used to decrypt and install the initial OSX.Flashback.K component.

This component downloads a loader and an Ad-clicking component.

That ad-clicking component is what made the money for the scoundrels who wrote the malware. As the Symantec post explains, the malware specifically targets searches made on Google. Depending on the search query, the malware redirected the Mac user to another page chosen by the attacker, and the attacker received revenue from the click-through. Since Google never received the intended ad click, they lost revenue.

Symantec analyzed a similar botnet last year and determined that about 25,000 infected machines could net the attacker about US$450 per day. Based on the breadth of the Flashback attack, they estimated that the malware was earning its creators almost $10,000 per day.

If you haven't updated your Mac to counteract a possible Java malware attack, or run Apple's free tool for removing the malware from Macs that don't have Java installed, be sure to run Software Update as soon as possible to protect yourself.

Norton's Identity Safe is a free online service that aims to end the curse of forgotten passwords. If you've got a few social networking accounts, then keeping track of all your keys can be tough. This service remembers all of your log-in details and inputs them automatically when you next visit. It'll warn you about malicious websites and even lock away sensitive data (credit card numbers, social security codes) so if your paperwork goes missing -- you aren't in too much trouble. The companion smartphone / tablet app offers the same integration across all of your devices and is available for Windows, OS X, iOS and Android gear from today.

Symantec said that folks running its pcAnywhere utility were at an "increased risk" when it revealed that the company had been hacked and its source code pilfered, and advised customers to stop using pcAnywhere for the time being. Sage advice, as a hacker with the handle YamaTough -- who's affiliated with Anonymous -- helped do the deed and has now published the code for all the world to see. Apparently, the hacker and hackee had attempted to broker a deal for $50,000 to keep the code private, but neither side negotiated in good faith -- YamaTough always intended to release the code, and law enforcement was doing the talking for Symantec to catch him and his hacking cohorts. The good news is, Symantec has released several patches to protect pcAnywhere users going forward. As for the stolen code for Norton Antivirus, Internet Security and other Symantec software? Well, the company's expecting it to be disclosed, too, but because the code is from 2006, customers with current versions can rest easy.

Posted Thu, 09 Feb 2012 09:24:00 -0500

https://www.engadget.com/2012/01/26/source-code-theft-prompts-symantec-to-issue-warning-to-customers/

Security software publisher Symantec has confirmed it was the victim of a cyber attack, resulting in the theft and disclosure of product source code. Earlier this month, the online-collective Anonymous stated, via Twitter, that it possessed portions of the code in question and planned to release it in support of a class-action lawsuit filed by consumers -- the suit claims Symantec employed scare tactics to encourage users to purchase its wares. Via its website, the company affirmed Anonymous' claims, citing a source code heist dating back to 2006. The post goes on to suggest that users running Norton Antivirus Corporate Edition, Norton Internet Security, Norton SystemWorks, Symantec Endpoint Protection 11.0, or Symantec AntiVirus 10.2 apply the latest maintenance patches. If you have the company's pcAnywhere solution deployed, Symantec suggests only using it for "business critical purposes," as this software is "at increased risk." Those looking to stay up-to-date on the breach and what Symantec is doing to ameliorate its effects can get the blow-by-blow from the source link below.
Posted Thu, 26 Jan 2012 13:45:00 -0500

https://www.engadget.com/2011/06/29/symantec-report-on-mobile-security-concludes-ios-and-android-bot/

In Symantec's bleak, dystopian world, it doesn't matter whether you choose Android or iOS -- you'll be making yourself vulnerable to attacks regardless of the camp you're in. The company just concluded a study pitting iOS's security against Android's -- an undertaking intended mainly for corporate IT staffs trying to figure out which devices they can safely issue to employees. (Curiously, despite the enterprise focus, you won't find a single comparison against BlackBerrys.) Although iOS won higher marks when it came to thwarting traditional malware and showed a more modest advantage in terms of data loss, data integrity, and service attacks, the two platforms proved equally adept at preventing web-based attacks -- and equally powerless to catch socially engineered ones. And when it came to implementing certain security measures, such as permissions-based controls, Android pulled ahead.

Ultimately, Symantec (which sells mobile security software of its own, by the by) concluded that both "are still vulnerable to many existing categories of attacks," not least because both platforms allow users to sync with third-party apps or web services that may or may not be secure themselves. Indeed, Symantec's thesis is that Apple's App Store approval process helps explain its lead in the malware-blocking department. Also, in shocking news, Symantec adds that people using jailbroken devices are especially attractive targets for attackers, and that these devices are as vulnerable as computers. Don't say no one warned you. Head past the break for a press release with a summary of the findings or, if you're curious, hit the source link for a PDF version of the full report.

Posted Wed, 29 Jun 2011 17:00:00 -0400

https://www.engadget.com/2011/02/15/intel-working-with-symantec-and-vasco-for-ipt-hardware-based-se/

Phishers are getting so good and so numerous that even the most technically adept of online bankers should think twice before typing in that password. Even if it's a legit site, databases can be infiltrated and passwords can be cracked. Time for something more, then. Intel is working on it, teaming up with Symantec and Vasco on what's being broadly termed Identity Protection Technology, or IPT. This tech enables a computer to, in hardware, generate a one-time password (OTP) that a compatible site could accept. That computer would have been earlier paired with the site to ensure that only authorized machines sign on. It's similar to the random generating key fobs you might need to sign on to VPN, but built in to Intel's Core i3, i5, and i7 processors. Of course, that won't help if you e-mail your credit card number to a supposed friend who's supposedly stranded in some supposedly far away land, but it's progress.
Posted Tue, 15 Feb 2011 04:28:00 -0500

https://www.engadget.com/2010/12/09/intellectual-ventures-begins-tech-patent-offensive-files-three/

We've always wondered why former Microsoft CTO Nathan Myhrvold was stockpiling patents at his new company Intellectual Ventures, and it looks like we're starting to find out why: in addition to licensing the entire portfolio to HTC and Samsung, IV's just filed its first three patent lawsuits against nine tech companies. Details are sparse, but the first suit is against Symantec, McAfee, Trend Micro, and Check Point Software, the second names Elpida Memory and Hynix, and the third is against Altera, Lattice Semiconductor, and Microsemi. We'd assume the patents in question are all super-technical in nature, but it's really not the specifics we're interested in -- it's more the fact that IV is starting to flex some muscle in the tech world, and that means a lot of money could change hands real fast. We'll see what happens.
Posted Thu, 09 Dec 2010 03:59:00 -0500

https://www.engadget.com/2010/09/02/symantec-mobilizes-snoop-doggs-cybercrime-unit/

You know what? Snoop has really done more than any technology company has to bring products to new audiences. Back in fifth grade we had no idea what indo was or why anyone would ever want to combine gin and juice; 3 weeks after "Doggystyle" came out we were hooked on both. At the beginning of last year we couldn't fathom our Grandpas asking Snoop for directions in the Caddy...but it happened. So why not make the leap to, you know, hawking desktop and internet security to urban markets? Symantec's Hack is Wack campaign aims to "bring the attention level up...just try to make people aware that these [cyber] crimes are happening." Snoop invites you to "raise awareness by making a rap song about cyber crimes" and uploading a video for judgment on "originality, creativity and message." The winner gets a pair of tickets to see Snoop, a chance to meet his "mgmt/agent" and a Toshiba laptop. It's been a while since we hit the mic or had any antivirus software installed, but he's got us thinking pretty hard about throwing down some rhymes and our credit cards for a copy of Norton 360 v4.0.